Assembly Language
1.0 Introduction
1.1 Registers
1.1.1 General Purpose Registers
1.1.2 FLAGS Register
1.2 80x86 Instruction Format
1.2.1 Instruction Prefix
1.2.2 Lock and Repeat Prefixes
1.2.3 Segment Override Prefixes
1.2.4 Opcode
1.3 Instructions
1.3.1 Basic Instructions
1.3.2 Floating Point Instructions
1.4 Stack Setup
1.4.1 Passing Parameters in C to the Procedure
1.4.2 Local Data Space on the Stack
1.5 Calling Conventions
1.5.1 cdecl Calling Convention
1.5.2 fastcall Calling Convention
1.5.3 stdcall Calling Convention
1.5.4 thiscall
1.6 Data Constructs
1.6.1 Global Variables
1.6.2 Local Variables
1.6.3 Imported Variables
1.6.5 Thread Local Storage (TLS)
1.6.6 Executable Data Section
1.7 Representation of Arithmetic Operations in Assembly
1.7.1 Multiplication
1.7.2 Division
1.7.3 Modulo
1.8 Representation of Data Structures in Assembly
1.8.1 Representation of Arrays in Assembly
1.8.2 Representation of Linked Lists in Assembly
1.9 Virtual Function Calls in Assembly
1.9.1 Representation of Classes in Assembly
1.10 Conclusion
Fundamentals of Windows
2.0 Memory Management
2.1.1 Virtual Memory Management
2.1.1.1 Virtual Memory Management in Windows NT
2.1.1.2 Impact of Hooking
2.1.2 Segmented Memory Management
2.1.3 Paged Memory Management
2.2 Kernel Memory and User Memory
2.2.1 Kernel Memory Space
2.2.2 Section Object
2.3 Virtual Address Descriptor
2.3.1 User Mode Address Space
2.3.2 Memory Management in Windows
2.3.3 Objects and Handles
2.3.4 Named Objects
2.4 Processes and Threads
2.4.1 Context Switching
2.4.1.1 Context Switches and Mode Switches
2.4.2 Synchronization Objects
2.4.2.1 Critical Section
2.4.2.2 Mutex
2.4.2.3 Semaphore
2.4.2.4 Event
2.4.2.5 Metered Section
2.5 Process Initialization Sequence
2.5.1 Application Programming Interface
2.6 Reversing Windows NT
2.6.1 ExpEchoPoolCalls
2.6.2 ObpShowAllocAndFree
2.6.3 LpcpTraceMessages
2.6.4 MmDebug
2.6.5 NtGlobalFlag
2.6.6 SepDumpSD
2.6.7 CmLogLevel and CmLogSelect
2.7 Security Features in Vista
2.7.1 Address Space Layout Randomization (ASLR)
2.7.2 Stack Randomization
2.7.3 Heap Defenses
2.7.4 NX
2.7.5 /GS
2.7.6 Pointer Encoding
2.7.7 Cryptographic API in Windows Vista
2.7.8 Crypto-Agility
2.7.9 Crypto-Agility in CNG
2.7.10 Algorithm Providers
2.7.11 Random Number Generator
2.7.12 Hash Functions
2.7.13 Symmetric Encryption
2.7.14 Asymmetric Encryption
2.7.15 Signatures and Verification
2.8 Portable Executable File Format
3.0 PE File Format
3.2 Import Address Table
3.3 Executable and Linking Format
3.3.1 ELF Header
3.3.2 The Program Header Table
3.4 Reversing Binaries for Identifying Vulnerabilities
4.0 Stack Overflow
4.1.1 CAN-2002-1123 Microsoft SQL Server 'Hello' Authentication Buffer Overflow
4.1.2 CAN-2004-0399 Exim Buffer Overflow
4.1.3 Stack Checking
4.2 Off-by-One Overflow
4.2.1 OpenBSD 2.7 FTP Daemon Off-by-One
4.2.3 Non-Executable Memory
4.3 Heap Overflows
4.3.1 Heap Based Overflows
4.4 Integer Overflows
4.4.1 Types of Integer Overflow
4.4.2 CAN-2004-0417 CVS Max dotdot Protocol Command Integer Overflow
4.5 Format String
4.5.1 Format String Vulnerability
4.5.2 Format String Denial of Service Attack
4.5.3 Format String Vulnerability Reading Attack
4.6 SEH Structured Exception Handler
4.6.1 Exploiting the SEH
4.7 Writing Exploits: General Concepts
4.7.1 Stack Overflow Exploits
4.7.2 Injection Techniques
4.7.3 Optimizing the Injection Vector
4.8 The Location of the Payload
4.8.1 Direct Jump (Guessing Offsets)
4.8.2 Blind Return
4.8.3 Pop Return
4.8.4 No Operation Sled
4.8.5 Call Register
4.8.6 Push Return
4.8.7 Calculating Offset
4.9 Fundamentals of Reverse Engineering
5.0 Anti-Reversing Methods
5.2.1 Anti-Disassembly
5.2.1.1 Linear Sweep Disassembler
5.2.1.2 Recursive Traversal Disassembler
5.2.1.3 Evasion of Disassembly
5.2.2 Self-Modifying Code
5.2.3 Virtual Machine Obfuscation
5.3 Anti-Debugging Techniques
5.3.1 Breakpoints
5.3.1.1 Software Breakpoint
5.3.1.2 Hardware Breakpoint
5.3.1.3 Detecting Hardware Breakpoints
5.4 Virtual Machine Detection
5.4.1 Checking Fingerprints Inside Memory, File System and Registry
5.4.2 Checking System Tables
5.4.3 Checking Processor Instruction Set
5.5 Unpacking
5.5.1 Manual Unpacking of Software
5.5.1.1 Finding the Original Entry Point of an Executable
5.5.1.2 Taking a Memory Dump
5.5.1.3 Import Table Reconstruction
5.5.1.4 Import Redirection and Code Emulation
5.6 Appendix
Index